Licensing Transparency

Exactly how licensing works. No ambiguity.

How Licensing Works

Box is free for one email account, forever. Full functionality, no trial, no countdown, no missing features. If you need unlimited accounts, a one-time $10 payment unlocks them for life.

After purchasing through Stripe, your license key is delivered via email. To activate, enter the key in Settings > License. Your machine registers with Locksmith (locksmith.buxjr.com), our lightweight licensing service. A signed token is stored in your OS keyring, and from that point forward, license verification happens locally on each launch using an embedded Ed25519 public key. The token has no expiration date. No network connection is required after activation.

Free users never contact Locksmith at all. The free tier operates entirely locally with no licensing network activity of any kind.

Machine Activation

Each license allows activation on up to 5 machines. A machine is identified by /etc/machine-id, an OS-provided identifier that is stable across reboots and non-invasive. It reveals nothing about your hardware or identity.

  • Machines can be deactivated from within the app at any time.
  • Stale machines are automatically deactivated after 90 days of inactivity.

You can view and manage all your activated machines directly from within Box at Settings > License. If a machine you no longer use is taking up a slot, you can deactivate it remotely without needing physical access to that device.

Offline Behavior

After activation, Box verifies your license locally using Ed25519 signature verification on each launch. No server connection is required. The app works offline indefinitely.

Every couple of weeks, Box performs a brief check-in with Locksmith. This updates the "last seen" timestamp and serves two purposes: catching user-requested license revocations, and detecting stale machines so that lost, stolen, damaged, or reinstalled devices are automatically freed up for you. If Locksmith is unreachable, the check is silently skipped and Box continues working normally with all your accounts.

Privacy Protections

Locksmith receives only the minimum data needed to enforce fair usage limits:

  • Product identifier
  • License key
  • Machine ID
  • Device hostname (used to label your machines in the activation list)

Locksmith does not receive:

  • Email content
  • Account credentials
  • IP addresses (not logged by Locksmith)
  • Hardware serial numbers
  • Usage data

The licensing service exists solely to enforce fair usage limits. Nothing more.

Edge Cases

  • OS reinstall: A fresh install generates a new machine ID, which uses a new activation slot. The old slot is automatically freed after 90 days.
  • Machine limit reached: The app shows your active machines and lets you deactivate any of them to free a slot.
  • User-requested revocation: The local token is deleted and the app restricts to 1 account. Only you can revoke your license.
  • Server outage: Existing activations continue working indefinitely. Local tokens are self-contained.

Refund Policy

Refund requests may be submitted within 30 days of purchase. Refunds are evaluated reasonably at the Developer’s discretion. If a refund is issued, the associated license will be revoked. To request a refund, contact us.

For more details, see our Privacy Architecture and FAQ.